BreachExchange mailing list archives
PHH Data Breach Exposes Employee Information
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Thu, 16 May 2013 08:45:47 -0400
http://www.americanbanker.com/issues/178_94/phh-data-breach-exposes-employee-information-1059140-1.html WASHINGTON — A temporary worker for PHH Corp. potentially gained access to employees' personal information, including Social Security numbers and dates of birth, according to a letter from the company's chief executive. In a letter posted on the California Department of Justice's website, Glen Messina, the $9.3 billion-asset mortgage servicer's president and chief executive, wrote that the company learned on April 3 that the former employee was indicted and is cooperating with an investigation. The servicer has sent the letter to former and existing employees of the company, cautioning them of the data breach. The company did not disclose how many letters were sent, but it had roughly 6,700 employees at the end of 2012, according to its annual report. Messina said that the servicer had no evidence the temporary worker misused the data based on their own investigation, but they offered identity protection services through a company called AllClear ID until Nov. 15, 2014. The company also acknowledged it could improve its own policies that allow temporary workers access to so much information. "We take our obligation to safeguard your personal information very seriously," Messina wrote to employees. "We continue to take steps to help prevent this type of incident from reoccurring, including enhancing some of our policies surrounding temporary employees and access to data." The investigation was revealed just a month after the company named Kathryn Ruggieri as senior vice president and chief human resources officer. Ruggieri has been the interim human resources officer since last September. A call to the company was not immediately returned. PHH is one of the largest mortgage servicers in the country and had a $182 billion loan servicing portfolio at March 31. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- PHH Data Breach Exposes Employee Information Erica Absetz (May 16)